Mineral Gap is the first designed and constructed Tier III certified data center in the state of Virginia. Tier III is one of four “tiers” created by the Uptime Institute to indicate the level and type of standards a data center meets. The Uptime Institute certifies that Mineral Gap was designed and constructed to its very rigorous Tier III standard, which includes 99.982% uptime, no more than 1.6 hours of downtime per year, and is N+1 fault tolerant providing at least 72-hour power outage protection. Mineral Gap was built after the Uptime Institute awarded the facility its Tier Certification of Design Documents (TCDD), and then obtained Tier Certification of Constructed Facility (TCCF) upon construction — so it was Tier III certified from day one.
Mineral Gap is NIST compliant (DFARS/NIST SP 800-171) and meets its facility, security, and internal system requirements. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) and in managing cost-effective programs to protect their information and information systems.
Mineral Gap is HITRUST CSF Certified, demonstrating that the facility’s BMS, EPMS, SOC, and NOC Systems have met key regulations and industry-defined requirements in colocation, including hybrid colo, for healthcare and is appropriately managing risk. Achieving HITRUST Common Security Framework (CSF) certification assures healthcare organizations and insurance companies that the facility meets the standards for storing and protecting personal health information (PHI) in compliance with HIPAA (Health Insurance Portability and Accountability Act of 1996) privacy, security and HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 regulations.
Mineral Gap has seals of excellence from AICPA for successfully completing a SSAE 16 SOC 1 and SOC 2 Type 2 audit, respectively. The SOC 1 report gives auditors associated with Mineral Gap’s customers the assurance that Mineral Gap’s controls are designed and operating effectively, and that these controls do not negatively impact customers’ financial statements. The SOC 2 report ensures customers that Mineral Gap’s controls address design and operating effectiveness for the Security and Availability Trust Service Principles, set forth in TSP Section 100, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (AICPA, Technical Practice Aids). Both audit reports are Type 2, meaning each contains the added testing of Mineral Gap’s controls to prove their operating effectiveness over a period of time, including a description of the testing performed and the results of those tests.
Mineral Gap is a cloud-neutral facility, but is designed and operated to accommodate FedRAMP-certified cloud providers, making the facility an excellent location for any cloud provider seeking to establish their cloud at Mineral Gap. Mineral Gap’s security and facility meet or exceed the requirements needed for a cloud provider to be FedRAMP certified. FedRAMP, which stands for Federal Risk and Authorization Management Program, is a U.S. government-wide program — mandatory for federal agency cloud deployments — that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Mineral Gap is compliant with the Federal Information Security Management Act (FISMA). FISMA regulates the information system processes used by all federal agencies and their contractors, and codifies the U.S. government’s approach to protecting its critical infrastructure from cyber threats. FISMA stipulates entities dealing with the government to use or outsource to a FISMA compliant data center. FISMA outlines a detailed set of standardized security best practices a data center must follow and meet to be FISMA compliant.
Mineral Gap is compliant with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of security standards for any and all organizations that accept, process, store or transmit credit cardholder data. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by Visa, MasterCard, American Express, Discover and JCB. PCI DSS emphasizes a security-first mindset to unify security and compliance.